The opinion of the court was delivered by: Schiller, J.
Defendant Regina Tolliver, a former customer service representative at the King of Prussia Mall branch of Citizens Bank, moves this Court for judgment of acquittal or, alternatively, for a new trial following convictions for bank fraud, aggravated identity theft, and unauthorized access of a financial record. Defendant's employee number and password were used in connection with a check cashing scheme. At trial, Defendant did not dispute that the bank fraud occurred, but argued that someone else used her employee number and password to acquire the customer information that allowed this scheme to flourish.
In her post trial motions, Defendant asserts that the fact that her employee number and password were used to access account information is insufficient to sustain her guilt beyond a reasonable doubt. Defendant also asserts that she is entitled to a new trial because the Government improperly shifted the burden of proof to her. For the following reasons, Defendant's motions are denied.
An investigation revealed that several false checks were cashed against the accounts of seven Citizens Bank customers between March and November of 2007. (Mar. 23, 2009 Tr. at 53-82; Gov't's Exs. 102, 103, 105-09, 111-12 [Sarah Migden False Checks] & Exs. 202-04A, 206-07 [Mary Renzi False Checks] & Exs. 302-04, 306-07, 309-11, 313-14 [Lisa Parise False Checks] & Exs. 402-03, 405-06 [Veronica Tucker False Checks] & Exs 502-03, 505-06, 508, 510-11, 513, 515-16, 518, 520-21 [William Guzman False Checks] & Exs. 602-03, 605-06, 608-09 [Steven Mansh False Checks] & Exs. 702-09, 711-12, 714-16 [Evelyn Becker False Checks].) Images from Citizens Bank video cameras revealed that all of these checks were cashed by two "check runners," a male and a female, posing as the Citizens Bank account holders. (Gov't's Ex. 101, 104, 107, 110, 201, 205, 301, 305, 308, 312, 401, 404, 501, 504, 507, 509, 512, 514, 517, 519, 601, 604, 607, 701, 710, 713 [Stills of Check Runners from Citizens Bank Video].)
All of these false checks were foreign checks, meaning that they were drawn on a bank other than Citizens Bank. Once the foreign banks refused to pay, the customers were charged the face value of the checks. (See Mar. 23, 2009 Tr. at 58-59; see, e.g., Gov't's Ex. 102A [Returned Check with Stamp].) However, since the customers were ultimately determined to be victims of fraud, Citizens Bank credited their accounts for the full value of the loss. (Mar. 23, 2009 Tr. at 59.) The false checks amounted to $181,577.00. (Id. at 82, 85-86; Gov't's Ex. 6 [Summ. of Fraudulent Transactions].) Thus, as a result of the fraud, Citizens Bank lost this amount. (See Mar. 23, 2009 Tr. at 61.)
Todd Swoyer, the fraud investigator at Citizens Bank assigned to this case, testified about the computer systems Citizens Bank utilized at the time of the fraud to manage and track its customer accounts. The systems contained customers' personal information, including names, addresses, dates of birth, social security numbers, driver's license numbers, Citizens Bank account numbers and the amount of money in those accounts. (Id. at 31.) Bank employees could access this information through two systems - the main frame system and the touch point system - by entering their employee number and password.*fn1 (Id. at 31-33, 125.)
Each Citizens Bank employee is assigned an employee number, which is not confidential. (Id. at 124.) The password is selected by the individual employee. (Id. at 33.) Citizens Bank employees are instructed that their password must be kept secure and confidential and should not be written down. (Id. at 34; Mar. 24, 2009 Tr. at 24, 29, 33, 37-38, 43-44, 59-60.) Employees are not permitted to share their passwords with anyone else, including other Citizens Bank employees. (Mar. 23, 2009 Tr. at 34, 155.) If an employee believes that another person has learned his or her password, the employee is required to inform management and change the password immediately. (Id. at 34, 155-56.) If an employee must leave a terminal that she has signed into, even if just to go to the bathroom, the employee is required to temporarily lock the terminal or sign off completely. (Id. at 156.) Employees use their passwords frequently, between ten and fifty times daily. (Mar. 24, 2009 Tr. at 24, 30, 34, 38, 44, 60.) Additionally, Citizens Bank employees are required to change their password every two to three months. (Mar. 23, 2009 Tr. at 33.)
When a Citizens Bank employee accesses either system, data concerning that activity is archived into an employee tracking system for six months. (Id. at 36.) This data can be recalled to determine the employee number and password entered to access certain accounts. (Id.) This is known as the employee's "footprint." (Id.)
As part of his investigation in this case, Swoyer ran a footprint report for each of the accounts that had been compromised. (Id. at 87.) Swoyer's investigation revealed that Defendant's employee number was the only common employee number that had accessed these seven individuals' account information. (Id. at 121; Gov't's Exs. 4, 5, 114, 209, 316, 410, 531, 614, 616, 718 [Swoyer's Footprint Searches].) Swoyer's searches also revealed that, with one exception, after the account information was looked up, someone called the Citizens Bank automated system to check the balances of those accounts either shortly after the accounts were accessed or shortly before the fraudulent checks were cashed against the accounts. (Mar. 23, 2009 Tr. at 94-95; Gov't's Ex. 114, 209, 316, 410, 531, 614, 616, 718.) All of the victims who testified stated that they had not made those calls. (Mar. 23, 2009 Tr. at 214; Mar. 24, 2009 Tr. at 11, 19-21, 65.)
The Citizens Bank branch at the King of Prussia Mall maintained several universal computer terminals, which any employee could log onto using his or her employee number and password. (Id. at 144.) Swoyer's investigation revealed that the seven customers' accounts were accessed under Defendant's employee number on February 5th and 8th of 2007 and on March 7th, 8th, and 9th of 2007. The Citizens Bank information technology service was able to determine that the first accounts that were hit were accessed from the King of Prussia Mall branch, where Defendant worked. (Id. at 118; Mar. 24, 2009 Tr. at 49; Gov't's Ex. 2 [Spreadsheet] & Ex. 10.) Defendant's employee number was in use at three different terminals at the same time on that day. (Mar. 23, 2009 Tr.at 133; Mar. 24, 2009 Tr. at 51-53.) However, it was not uncommon for an employee to be logged into multiple terminals at once. (Mar. 23, 2009 Tr. at 157.)
Employee schedules and time and attendance records revealed that Defendant worked on all of the days that her password was used to access the victims' accounts. (Gov't's Ex. 10 [Employee Schedule] & Ex. 10A [Time and Attendance Records].) Defendant's employee log book for those dates reflected that she had not contacted any of the seven victims for sales or business purposes. (Mar. 23, 2009 Tr. at 160, 163; Gov't's Ex. 12A [Def.'s Log Book].) Nor was Defendant assigned to contact any of these individuals for sales purposes. (Mar. 23, 2009 Tr. at 173-74.) Palma Salvucci, the branch manager in 2007, testified that Citizens Bank employees would not be permitted to look at a customer's account and personal information for a reason other than one related to Citizens Bank's business. (Id. at 165.)
According to the schedules, the only other employees at the King of Prussia Mall branch who arguably worked on the relevant days were Angela Anderson and Debby Clarke. Clarke was initially marked as "OFF" for Febraury 8th, March 7th, and March 8th, but the notation "KOP" was written next to her slot on those dates. Salvucci, who assembled the schedules, testified that she used this notation when asked to lend an employee for the day to the other Citizens Bank branch in King of Prussia and that she would change it if she received a call not to send the employee. (Id. at 152.) However, she testified that it is not possible to know for sure, based only on the schedule, whether an individual marked as working at the other Citizens Bank branch for the day in fact did so. (Id. at 153.) Indeed, although the "KOP" notation appeared next to Clarke's schedule for March 7th and 8th, the time and attendance records reflect that she did not work at all on those days.*fn2 (Gov't's Ex. 10A.)
Swoyer and Postal Inspector Frank Busch interviewed Defendant on March 15, 2007. (Mar. 23, 2009 Tr. at 122, 196.) Defendant told Swoyer that she had not given her password to anyone, and stated that she always locked her computer when she walked away from a terminal. (Id. at 122) Additionally, all of Defendant's former co-workers who testified at trial claimed that they never knew Defendant's password and that they never saw her password written down. (Id. at 156; Mar. 24, 2009 Tr. at 25, 30-31, 34-35, 39, 44-45, 60.) Although a page in Defendant's log book read "password, Aries12, as HR express, password, evil1ass, lifecare, RSM1love, Aries12," Defendant told ...